remove BpfLoader.KmeshConfig to prevent writing using it, should always use the method provided

hzxuzhonghu · hzxuzhonghu · commit a669a5fc4d0d · 2025-04-29T09:21:46.000+08:00
Signed-off-by: Zhonghu Xu &lt;xuzhonghu@huawei.com&gt;
diff --git a/pkg/bpf/bpf.go b/pkg/bpf/bpf.go
@@ -57,8 +57,7 @@ type BpfLoader struct {
 
 	obj         *ads.BpfAds
 	workloadObj *workload.BpfWorkload
-	factory.KmeshBpfConfig
-	versionMap *ebpf.Map
+	versionMap  *ebpf.Map
 }
 
 func NewBpfLoader(config *options.BpfConfig) *BpfLoader {
@@ -89,15 +88,13 @@ func (l *BpfLoader) Start() error {
 		if err = l.obj.Start(); err != nil {
 			return err
 		}
-		l.KmeshBpfConfig = l.obj.GetBpfConfigVariable()
 	} else if l.config.DualEngineEnabled() {
 		if l.workloadObj, err = workload.NewBpfWorkload(l.config); err != nil {
 			return err
 		}
 		if err = l.workloadObj.Start(); err != nil {
 			return err
 		}
-		l.KmeshBpfConfig = l.workloadObj.GetBpfConfigVariable()
 		// TODO: set bpf prog option in kernel native node
 		l.setBpfProgOptions()
 	}
@@ -294,22 +291,18 @@ func (l *BpfLoader) setBpfProgOptions() {
 
 	// Kmesh reboot updates only the nodeIP and pod sub gateway
 	if restart.GetStartType() == restart.Normal {
-		if err := l.NodeIP.Set(nodeIP); err != nil {
+		if err := l.UpdateNodeIP(nodeIP); err != nil {
 			log.Error("set NodeIP failed ", err)
 			return
 		}
-		if err := l.PodGateway.Set(gateway); err != nil {
+		if err := l.UpdatePodGateway(gateway); err != nil {
 			log.Error("set PodGateway failed ", err)
 			return
 		}
-		if err := l.AuthzOffload.Set(constants.ENABLED); err != nil {
+		if err := l.UpdateAuthzOffload(constants.ENABLED); err != nil {
 			log.Error("set AuthzOffload failed ", err)
 			return
 		}
-		if err := l.EnableMonitoring.Set(constants.ENABLED); err != nil {
-			log.Error("set EnableMonitoring failed ", err)
-			return
-		}
 	}
 }
 
@@ -396,6 +389,9 @@ func (l *BpfLoader) UpdateBpfLogLevel(BpfLogLevel uint32) error {
 		if err := l.workloadObj.SendMsg.BpfLogLevel.Set(BpfLogLevel); err != nil {
 			return fmt.Errorf("set sendmsg BpfLogLevel failed %w", err)
 		}
+		if err := l.workloadObj.CgroupSkb.BpfLogLevel.Set(BpfLogLevel); err != nil {
+			return fmt.Errorf("set sendmsg BpfLogLevel failed %w", err)
+		}
 	} else if l.obj != nil {
 		if err := l.obj.SockConn.BpfLogLevel.Set(BpfLogLevel); err != nil {
 			return fmt.Errorf("set sockcon BpfLogLevel failed %w", err)
@@ -409,65 +405,73 @@ func (l *BpfLoader) UpdateBpfLogLevel(BpfLogLevel uint32) error {
 }
 
 func (l *BpfLoader) GetBpfLogLevel() uint32 {
-	if l.BpfLogLevel != nil {
-		var BpfLogLevel uint32
-		if err := l.BpfLogLevel.Get(&BpfLogLevel); err != nil {
+	var BpfLogLevel uint32
+	if l.workloadObj != nil {
+		if err := l.workloadObj.SockConn.BpfLogLevel.Get(&BpfLogLevel); err != nil {
+			log.Errorf("get BpfLogLevel failed %v", err)
+			return 0
+		}
+	} else if l.obj != nil {
+		if err := l.obj.SockConn.BpfLogLevel.Get(&BpfLogLevel); err != nil {
 			log.Errorf("get BpfLogLevel failed %v", err)
 			return 0
 		}
-		return BpfLogLevel
 	}
 
 	return 0
 }
 
 func (l *BpfLoader) UpdateNodeIP(NodeIP [16]byte) error {
-	if l.NodeIP != nil {
-		if err := l.NodeIP.Set(NodeIP); err != nil {
+	if l.workloadObj != nil {
+		if err := l.workloadObj.SockOps.NodeIp.Set(NodeIP); err != nil {
 			return fmt.Errorf("set NodeIP failed %w", err)
 		}
+	} else if l.obj != nil {
+		return fmt.Errorf("unsupported nodeIP for kernel-native mode")
 	}
 
 	return nil
 }
 
 func (l *BpfLoader) GetNodeIP() [16]byte {
-	if l.NodeIP != nil {
-		var NodeIP [16]byte
-		if err := l.NodeIP.Get(&NodeIP); err != nil {
+	if l.workloadObj != nil {
+		var nodeIP [16]byte
+		if err := l.workloadObj.SockOps.NodeIp.Get(&nodeIP); err != nil {
 			log.Errorf("get NodeIP failed %v", err)
 			return [16]byte{}
 		}
-		return NodeIP
+		return nodeIP
 	}
 	return [16]byte{}
 }
 
-func (l *BpfLoader) UpdatePodGateway(PodGateway [16]byte) error {
-	if l.PodGateway != nil {
-		if err := l.PodGateway.Set(PodGateway); err != nil {
+func (l *BpfLoader) UpdatePodGateway(podGateway [16]byte) error {
+	if l.workloadObj != nil {
+		if err := l.workloadObj.SockOps.PodGateway.Set(podGateway); err != nil {
 			return fmt.Errorf("set PodGateway failed %w", err)
 		}
+	} else if l.obj != nil {
+		return fmt.Errorf("unsupported PodGateway for kernel-native mode")
 	}
 
 	return nil
 }
 
 func (l *BpfLoader) GetPodGateway() [16]byte {
-	if l.PodGateway != nil {
-		var PodGateway [16]byte
-		if err := l.PodGateway.Get(&PodGateway); err != nil {
+	if l.workloadObj != nil {
+		var podGateway [16]byte
+		if err := l.workloadObj.SockOps.PodGateway.Get(&podGateway); err != nil {
 			log.Errorf("get PodGateway failed %v", err)
 			return [16]byte{}
 		}
-		return PodGateway
+		return podGateway
 	}
 	return [16]byte{}
 }
 
-func (l *BpfLoader) UpdateAuthzOffload(AuthzOffload uint32) error {
-	if l.AuthzOffload != nil {
-		if err := l.AuthzOffload.Set(AuthzOffload); err != nil {
+func (l *BpfLoader) UpdateAuthzOffload(authzOffload uint32) error {
+	if l.workloadObj != nil {
+		if err := l.workloadObj.XdpAuth.AuthzOffload.Set(authzOffload); err != nil {
 			return fmt.Errorf("set AuthzOffload failed %w", err)
 		}
 	}
@@ -476,23 +480,23 @@ func (l *BpfLoader) UpdateAuthzOffload(AuthzOffload uint32) error {
 }
 
 func (l *BpfLoader) GetAuthzOffload() uint32 {
-	if l.AuthzOffload != nil {
-		var AuthzOffload uint32
-		if err := l.AuthzOffload.Get(&AuthzOffload); err != nil {
+	if l.workloadObj != nil {
+		var authzOffload uint32
+		if err := l.workloadObj.XdpAuth.AuthzOffload.Get(&authzOffload); err != nil {
 			log.Errorf("get AuthzOffload failed %v", err)
 			return 0
 		}
-		return AuthzOffload
+		return authzOffload
 	}
 	return 0
 }
 
-func (l *BpfLoader) UpdateEnableMonitoring(EnableMonitoring uint32) error {
+func (l *BpfLoader) UpdateEnableMonitoring(enableMonitoring uint32) error {
 	if l.workloadObj != nil {
-		if err := l.workloadObj.CgroupSkb.EnableMonitoring.Set(EnableMonitoring); err != nil {
+		if err := l.workloadObj.CgroupSkb.EnableMonitoring.Set(enableMonitoring); err != nil {
 			return fmt.Errorf("set CgroupSkb EnableMonitoring failed %w", err)
 		}
-		if err := l.workloadObj.SockOps.EnableMonitoring.Set(EnableMonitoring); err != nil {
+		if err := l.workloadObj.SockOps.EnableMonitoring.Set(enableMonitoring); err != nil {
 			return fmt.Errorf("set SockOps EnableMonitoring failed %w", err)
 		}
 	}
@@ -501,13 +505,13 @@ func (l *BpfLoader) UpdateEnableMonitoring(EnableMonitoring uint32) error {
 }
 
 func (l *BpfLoader) GetEnableMonitoring() uint32 {
-	if l.EnableMonitoring != nil {
-		var EnableMonitoring uint32
-		if err := l.EnableMonitoring.Get(&EnableMonitoring); err != nil {
+	if l.workloadObj != nil {
+		var enableMonitoring uint32
+		if err := l.workloadObj.CgroupSkb.EnableMonitoring.Get(&enableMonitoring); err != nil {
 			log.Errorf("get EnableMonitoring failed %v", err)
 			return 0
 		}
-		return EnableMonitoring
+		return enableMonitoring
 	}
 	return 0
 }

Original file line number	Diff line number	Diff line change
`@@ -57,8 +57,7 @@ type BpfLoader struct {`
`57`	`57`
`58`	`58`	`obj *ads.BpfAds`
`59`	`59`	`workloadObj *workload.BpfWorkload`
`60`		`- factory.KmeshBpfConfig`
`61`		`- versionMap *ebpf.Map`
	`60`	`+ versionMap *ebpf.Map`
`62`	`61`	`}`
`63`	`62`
`64`	`63`	`func NewBpfLoader(config options.BpfConfig) BpfLoader {`
`@@ -89,15 +88,13 @@ func (l *BpfLoader) Start() error {`
`89`	`88`	`if err = l.obj.Start(); err != nil {`
`90`	`89`	`return err`
`91`	`90`	`}`
`92`		`- l.KmeshBpfConfig = l.obj.GetBpfConfigVariable()`
`93`	`91`	`} else if l.config.DualEngineEnabled() {`
`94`	`92`	`if l.workloadObj, err = workload.NewBpfWorkload(l.config); err != nil {`
`95`	`93`	`return err`
`96`	`94`	`}`
`97`	`95`	`if err = l.workloadObj.Start(); err != nil {`
`98`	`96`	`return err`
`99`	`97`	`}`
`100`		`- l.KmeshBpfConfig = l.workloadObj.GetBpfConfigVariable()`
`101`	`98`	`// TODO: set bpf prog option in kernel native node`
`102`	`99`	`l.setBpfProgOptions()`
`103`	`100`	`}`
`@@ -294,22 +291,18 @@ func (l *BpfLoader) setBpfProgOptions() {`
`294`	`291`
`295`	`292`	`// Kmesh reboot updates only the nodeIP and pod sub gateway`
`296`	`293`	`if restart.GetStartType() == restart.Normal {`
`297`		`- if err := l.NodeIP.Set(nodeIP); err != nil {`
	`294`	`+ if err := l.UpdateNodeIP(nodeIP); err != nil {`
`298`	`295`	`log.Error("set NodeIP failed ", err)`
`299`	`296`	`return`
`300`	`297`	`}`
`301`		`- if err := l.PodGateway.Set(gateway); err != nil {`
	`298`	`+ if err := l.UpdatePodGateway(gateway); err != nil {`
`302`	`299`	`log.Error("set PodGateway failed ", err)`
`303`	`300`	`return`
`304`	`301`	`}`
`305`		`- if err := l.AuthzOffload.Set(constants.ENABLED); err != nil {`
	`302`	`+ if err := l.UpdateAuthzOffload(constants.ENABLED); err != nil {`
`306`	`303`	`log.Error("set AuthzOffload failed ", err)`
`307`	`304`	`return`
`308`	`305`	`}`
`309`		`- if err := l.EnableMonitoring.Set(constants.ENABLED); err != nil {`
`310`		`- log.Error("set EnableMonitoring failed ", err)`
`311`		`- return`
`312`		`- }`
`313`	`306`	`}`
`314`	`307`	`}`
`315`	`308`
`@@ -396,6 +389,9 @@ func (l *BpfLoader) UpdateBpfLogLevel(BpfLogLevel uint32) error {`
`396`	`389`	`if err := l.workloadObj.SendMsg.BpfLogLevel.Set(BpfLogLevel); err != nil {`
`397`	`390`	`return fmt.Errorf("set sendmsg BpfLogLevel failed %w", err)`
`398`	`391`	`}`
	`392`	`+ if err := l.workloadObj.CgroupSkb.BpfLogLevel.Set(BpfLogLevel); err != nil {`
	`393`	`+ return fmt.Errorf("set sendmsg BpfLogLevel failed %w", err)`
	`394`	`+ }`
`399`	`395`	`} else if l.obj != nil {`
`400`	`396`	`if err := l.obj.SockConn.BpfLogLevel.Set(BpfLogLevel); err != nil {`
`401`	`397`	`return fmt.Errorf("set sockcon BpfLogLevel failed %w", err)`
`@@ -409,65 +405,73 @@ func (l *BpfLoader) UpdateBpfLogLevel(BpfLogLevel uint32) error {`
`409`	`405`	`}`
`410`	`406`
`411`	`407`	`func (l *BpfLoader) GetBpfLogLevel() uint32 {`
`412`		`- if l.BpfLogLevel != nil {`
`413`		`- var BpfLogLevel uint32`
`414`		`- if err := l.BpfLogLevel.Get(&BpfLogLevel); err != nil {`
	`408`	`+ var BpfLogLevel uint32`
	`409`	`+ if l.workloadObj != nil {`
	`410`	`+ if err := l.workloadObj.SockConn.BpfLogLevel.Get(&BpfLogLevel); err != nil {`
	`411`	`+ log.Errorf("get BpfLogLevel failed %v", err)`
	`412`	`+ return 0`
	`413`	`+ }`
	`414`	`+ } else if l.obj != nil {`
	`415`	`+ if err := l.obj.SockConn.BpfLogLevel.Get(&BpfLogLevel); err != nil {`
`415`	`416`	`log.Errorf("get BpfLogLevel failed %v", err)`
`416`	`417`	`return 0`
`417`	`418`	`}`
`418`		`- return BpfLogLevel`
`419`	`419`	`}`
`420`	`420`
`421`	`421`	`return 0`
`422`	`422`	`}`
`423`	`423`
`424`	`424`	`func (l *BpfLoader) UpdateNodeIP(NodeIP [16]byte) error {`
`425`		`- if l.NodeIP != nil {`
`426`		`- if err := l.NodeIP.Set(NodeIP); err != nil {`
	`425`	`+ if l.workloadObj != nil {`
	`426`	`+ if err := l.workloadObj.SockOps.NodeIp.Set(NodeIP); err != nil {`
`427`	`427`	`return fmt.Errorf("set NodeIP failed %w", err)`
`428`	`428`	`}`
	`429`	`+ } else if l.obj != nil {`
	`430`	`+ return fmt.Errorf("unsupported nodeIP for kernel-native mode")`
`429`	`431`	`}`
`430`	`432`
`431`	`433`	`return nil`
`432`	`434`	`}`
`433`	`435`
`434`	`436`	`func (l *BpfLoader) GetNodeIP() [16]byte {`
`435`		`- if l.NodeIP != nil {`
`436`		`- var NodeIP [16]byte`
`437`		`- if err := l.NodeIP.Get(&NodeIP); err != nil {`
	`437`	`+ if l.workloadObj != nil {`
	`438`	`+ var nodeIP [16]byte`
	`439`	`+ if err := l.workloadObj.SockOps.NodeIp.Get(&nodeIP); err != nil {`
`438`	`440`	`log.Errorf("get NodeIP failed %v", err)`
`439`	`441`	`return [16]byte{}`
`440`	`442`	`}`
`441`		`- return NodeIP`
	`443`	`+ return nodeIP`
`442`	`444`	`}`
`443`	`445`	`return [16]byte{}`
`444`	`446`	`}`
`445`	`447`
`446`		`-func (l *BpfLoader) UpdatePodGateway(PodGateway [16]byte) error {`
`447`		`- if l.PodGateway != nil {`
`448`		`- if err := l.PodGateway.Set(PodGateway); err != nil {`
	`448`	`+func (l *BpfLoader) UpdatePodGateway(podGateway [16]byte) error {`
	`449`	`+ if l.workloadObj != nil {`
	`450`	`+ if err := l.workloadObj.SockOps.PodGateway.Set(podGateway); err != nil {`
`449`	`451`	`return fmt.Errorf("set PodGateway failed %w", err)`
`450`	`452`	`}`
	`453`	`+ } else if l.obj != nil {`
	`454`	`+ return fmt.Errorf("unsupported PodGateway for kernel-native mode")`
`451`	`455`	`}`
`452`	`456`
`453`	`457`	`return nil`
`454`	`458`	`}`
`455`	`459`
`456`	`460`	`func (l *BpfLoader) GetPodGateway() [16]byte {`
`457`		`- if l.PodGateway != nil {`
`458`		`- var PodGateway [16]byte`
`459`		`- if err := l.PodGateway.Get(&PodGateway); err != nil {`
	`461`	`+ if l.workloadObj != nil {`
	`462`	`+ var podGateway [16]byte`
	`463`	`+ if err := l.workloadObj.SockOps.PodGateway.Get(&podGateway); err != nil {`
`460`	`464`	`log.Errorf("get PodGateway failed %v", err)`
`461`	`465`	`return [16]byte{}`
`462`	`466`	`}`
`463`		`- return PodGateway`
	`467`	`+ return podGateway`
`464`	`468`	`}`
`465`	`469`	`return [16]byte{}`
`466`	`470`	`}`
`467`	`471`
`468`		`-func (l *BpfLoader) UpdateAuthzOffload(AuthzOffload uint32) error {`
`469`		`- if l.AuthzOffload != nil {`
`470`		`- if err := l.AuthzOffload.Set(AuthzOffload); err != nil {`
	`472`	`+func (l *BpfLoader) UpdateAuthzOffload(authzOffload uint32) error {`
	`473`	`+ if l.workloadObj != nil {`
	`474`	`+ if err := l.workloadObj.XdpAuth.AuthzOffload.Set(authzOffload); err != nil {`
`471`	`475`	`return fmt.Errorf("set AuthzOffload failed %w", err)`
`472`	`476`	`}`
`473`	`477`	`}`
`@@ -476,23 +480,23 @@ func (l *BpfLoader) UpdateAuthzOffload(AuthzOffload uint32) error {`
`476`	`480`	`}`
`477`	`481`
`478`	`482`	`func (l *BpfLoader) GetAuthzOffload() uint32 {`
`479`		`- if l.AuthzOffload != nil {`
`480`		`- var AuthzOffload uint32`
`481`		`- if err := l.AuthzOffload.Get(&AuthzOffload); err != nil {`
	`483`	`+ if l.workloadObj != nil {`
	`484`	`+ var authzOffload uint32`
	`485`	`+ if err := l.workloadObj.XdpAuth.AuthzOffload.Get(&authzOffload); err != nil {`
`482`	`486`	`log.Errorf("get AuthzOffload failed %v", err)`
`483`	`487`	`return 0`
`484`	`488`	`}`
`485`		`- return AuthzOffload`
	`489`	`+ return authzOffload`
`486`	`490`	`}`
`487`	`491`	`return 0`
`488`	`492`	`}`
`489`	`493`
`490`		`-func (l *BpfLoader) UpdateEnableMonitoring(EnableMonitoring uint32) error {`
	`494`	`+func (l *BpfLoader) UpdateEnableMonitoring(enableMonitoring uint32) error {`
`491`	`495`	`if l.workloadObj != nil {`
`492`		`- if err := l.workloadObj.CgroupSkb.EnableMonitoring.Set(EnableMonitoring); err != nil {`
	`496`	`+ if err := l.workloadObj.CgroupSkb.EnableMonitoring.Set(enableMonitoring); err != nil {`
`493`	`497`	`return fmt.Errorf("set CgroupSkb EnableMonitoring failed %w", err)`
`494`	`498`	`}`
`495`		`- if err := l.workloadObj.SockOps.EnableMonitoring.Set(EnableMonitoring); err != nil {`
	`499`	`+ if err := l.workloadObj.SockOps.EnableMonitoring.Set(enableMonitoring); err != nil {`
`496`	`500`	`return fmt.Errorf("set SockOps EnableMonitoring failed %w", err)`
`497`	`501`	`}`
`498`	`502`	`}`
`@@ -501,13 +505,13 @@ func (l *BpfLoader) UpdateEnableMonitoring(EnableMonitoring uint32) error {`
`501`	`505`	`}`
`502`	`506`
`503`	`507`	`func (l *BpfLoader) GetEnableMonitoring() uint32 {`
`504`		`- if l.EnableMonitoring != nil {`
`505`		`- var EnableMonitoring uint32`
`506`		`- if err := l.EnableMonitoring.Get(&EnableMonitoring); err != nil {`
	`508`	`+ if l.workloadObj != nil {`
	`509`	`+ var enableMonitoring uint32`
	`510`	`+ if err := l.workloadObj.CgroupSkb.EnableMonitoring.Get(&enableMonitoring); err != nil {`
`507`	`511`	`log.Errorf("get EnableMonitoring failed %v", err)`
`508`	`512`	`return 0`
`509`	`513`	`}`
`510`		`- return EnableMonitoring`
	`514`	`+ return enableMonitoring`
`511`	`515`	`}`
`512`	`516`	`return 0`
`513`	`517`	`}`